Adding or Replacing a Signed Certificate for the Conductor UI
By default, the Conductor comes with a Tempered factory-installed certificate. You can add your own custom certificate to prevent the “Your connection is not private” messages received on some browsers. A custom signed certificate is used by the Conductor for the SSL connection.
Important: For Conductors in HA environments, both Conductors must not be HA paired to upload and install custom certificates. Follow the steps for each Conductor. Once complete, HA pair the Conductors.
Request and copy a CSR (Certificate Signing Request) for the Conductor
-
In Conductor
Settings, under Airwall Conductor
Identity, click Actions, and then select
Create certificate or Replace
certificate.
-
Under Distinguished Name, enter the Identity
(Distinguished Name) of the Conductor.
If you are replacing a certificate, you can leave the Distinguished name the
same. For example,
/C=US/O=Tempered/OU=Dev/CN=cond.example.com
- Under CSR, select either Copy or Download to generate and get the CSR you need to get a signed certificate. (In versions 2.2.5 and earlier, select and copy the CSR.)
- Select Save.
Getting a signed certificate
Use the CSR to request a new signed certificate. You can generate a new signed certificate using your organization’s own process, or with a public PKI Registration Authority.
- Submit the Certificate Signing Request (CSR) you copied or downloaded to your Enterprise PKI Registration Authority. They use it to create your certificates.
- When you get the certificates, download or copy them.
Uploading the signed certificate to the Conductor
- In Conductor Settings, under General settings, scroll down to Airwall Conductor Identity, and select Edit.
-
Under Signed Certificate, paste the custom-CA signed
certificate to install the certificate on the Conductor.
- Select Save.
- Refresh your browser window to apply the new certificate.